
All Articles

AWS S3 Bucket Security: The Top CSPM Practices

Blog Published: 06/10/2024

Written by ArmorCode. An S3 bucket is a fundamental resource in Amazon Web Services (AWS) for storing and managing data in the cloud. S3 stands for "Simple Storage Service," providing scalable, durable, and highly available object storage. S3 is widely used for various purposes, such as storing bac...

The Human Element in AI-Enhanced SOCs

Blog Published: 06/10/2024

Written by Cetark. In today’s cybersecurity landscape, Security Operations Centers (SOCs) are increasingly using Artificial Intelligence (AI) to boost their defenses. AI offers substantial benefits, like automating repetitive tasks and improving threat detection, but human expertise remains essent...

Application Security Solutions: CNAPP vs CSPM vs ASPM

Blog Published: 06/07/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...

Secure Your Staff: How to Protect High-Profile Employees’ Sensitive Data on the Web

Blog Published: 06/07/2024

Originally published by CrowdStrike. Written by Ben TerMeer, Brian Bunyard, and Keith Mason. Organizations are increasingly concerned about high-profile employees’ information being exposed on the deep and dark web. The CrowdStrike Counter Adversary Operations team is often asked to find fake soci...

Security Considerations for Hardware Security Module as a Service

Blog Published: 06/07/2024

A hardware security module (HSM) is a trusted platform for performing cryptographic operations and protecting keys. A main feature of the HSM architecture is its special co-processor that performs cryptography functions. HSMs also consist of a hardware-based random number generator, RAM, storage,...

Zero Trust Hitting ‘Critical Mass’ at Federal Level

Blog Published: 06/06/2024

Originally published by CXO REvolutionaries. Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler. In early 2024, when the federal government got wind of certain Ivanti vulnerabilities, it immediately advised civilian executive branch agencies to disconnect these solut...

Artificial Intelligence (AI) in Risk Assessment and Mitigation

Blog Published: 06/06/2024

Written by Ashwin Chaudhary, CEO, Accedere. The advancement of generative AI technologies like GPT has led to rapid growth in AI adoption worldwide. While companies adopt AI with the intention of being competitive in the market, they often overlook the security risks that come with AI that can aff...

The Risks of Relying on AI: Lessons from Air Canada’s Chatbot Debacle

Blog Published: 06/05/2024

Originally published by Truyo. In the era of artificial intelligence (AI), companies are increasingly relying on automated systems to streamline operations and enhance customer service. However, a recent incident involving Air Canada’s AI-powered chatbot serves as a stark reminder of the risks ass...

CSA Community Spotlight: Advancing Thought Leadership with Cybersecurity Architect Shruti Kulkarni

Blog Published: 06/05/2024

For the last 15 years, CSA has been disseminating expert-led thought leadership to the cybersecurity community at large. Our offerings have included research publications, trainings, blogs, in-person and virtual webinars and events, and many other initiatives based on top-of-mind security concern...

Cloud Security Alliance Announces Implementation Guidelines v2.0 for Cloud Controls Matrix (CCM) in Alignment with Shared Security Responsibility Model

Press Release Published: 06/04/2024

Update strengthens CCM’s position as the cloud security industry’s preferred control framework. SEATTLE – June 4, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing en...

CSA STAR: Securing the Cloud and Beyond

Blog Published: 06/04/2024

CSA’s Security, Trust, Assurance and Risk (STAR) program is in its 13th year and is one of the offerings we have developed that I am most proud of. I would even go so far as to say we are the gold standard for cloud provider assurance, as our public registry contains listings for over 2,500 cloud...

3 Ways AI Can Streamline Your Regulatory Compliance

Blog Published: 06/04/2024

Originally published by RegScale. In an era where regulatory changes are fast and frequent, organizations have a difficult time keeping up. They fall behind on compliance and jeopardize passing their audits or inspections. To avoid falling behind even further, organizations need to speed up the co...

Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams

Press Release Published: 06/04/2024

Despite economic uncertainty, organizations are prioritizing SaaS security investment. Gartner Security and Risk Management Summit, National Harbor, Maryland – June 4, 2024 – Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, d...

Unmasking Vendor Fraud: Detecting Suspicious Activity in Email Communications

Blog Published: 06/04/2024

Originally published by Abnormal Security. Written by Jake Shulman. Not all email attacks involve the use of malicious links, malware, or attachments. Increasingly, attackers rely on social engineering tactics to exploit unsuspecting employees. One of the highest value and most pernicious forms o...

Why a Serverless Architecture Improves the Security of Cloud-Native Applications

Blog Published: 06/03/2024

Originally published by Tenable. Cloud-native architecture has revolutionized developer practices, decentralizing components from monolithic server setups into easily consumable services. Consequently, organizations have migrated to the cloud at an accelerated pace, decreasing development time, ...

Cloud Threats Deploying Crypto CDN

Blog Published: 06/03/2024

Originally published by Sysdig. Written by Stefano Chierici. The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to create ...

Decommissioning Orphaned and Stale Non Human Identities

Blog Published: 06/03/2024

Originally published by Oasis Security. Written by Yonit Glozshtein, Director of Product Management, Oasis Security. Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. NHIs often operate outside traditional IT security reviews, making them vulnerabl...

Learn How to Navigate Ransomware Attacks in a Digital World

Blog Published: 05/31/2024

Written by LRQA. In an increasingly digital world, ransomware attacks have become a prevalent threat, disrupting businesses and causing significant financial losses. The increasing volume and impact of ransomware attacks - which encrypt victims’ computer files until they pay a fee - poses a signi...

What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction

Blog Published: 05/31/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...

What are the ISO 9001 Requirements?

Blog Published: 05/31/2024

Originally published by Schellman. When seeking ISO 9001 certification, part of that road to compliance will be aligning your required quality management system (QMS) with the key clauses (4-10) within the standard, each of which focuses on a specific facet of that management system—context, lead...
